How do I configure secure_headers for external cookies?

Problem description (votes: 0, answers: 0)

### Question

`SameSite: none` doesn't seem to work for me. `samesite: lax` works for the cookies set by my application, but I can't find a configuration that supports external cookies such as those from Google Analytics.

### Expected result

No `SameSite` warnings in Firefox for external cookies.

### Configuration

```ruby
# The opening line of the block was not included in the post; the line below is
# the standard secure_headers initializer form and is assumed here.
SecureHeaders::Configuration.default do |config|
  config.hsts = "max-age=#{2.years.to_i}"
  config.x_content_type_options = "nosniff"
  config.referrer_policy = "origin-when-cross-origin"
  config.csp = {
    default_src: %w('self'),
    font_src: %w('self' data:),
    img_src: %w('self' data: https://myapp.mydomain.com),
    object_src: %w('none'),
    script_src: %w('self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.google-analytics.com *.googletagmanager.com *.newrelic.com blob:),
    style_src: %w('self' 'unsafe-inline'),
    worker_src: %w('self' 'unsafe-inline' blob:),
    connect_src: %w('self' *.nr-data.net *.google-analytics.com *.googletagmanager.com *.newrelic.com)
  }
  # Per-cookie attribute rules: each key is a rule for the named cookies only.
  config.cookies = {
    secure: true,
    httponly: true,
    samesite: {
      lax: { only: ['_myapp_session'] },
      none: { only: ['_ga', '_gid', '_gat', '_ga_XXXXXXXXX'] }
    }
  }
end
```

### Error

In the Firefox console:

```
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite [analytics.js:27:576](https://www.google-analytics.com/analytics.js)
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite [analytics.js:27:576](https://www.google-analytics.com/analytics.js)
Cookie “_gat” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite [analytics.js:27:576](https://www.google-analytics.com/analytics.js)
Cookie “_ga_VKH9NH625Z” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
```

And

```
Request to access cookie or storage on “<URL>” was blocked because it came from a tracker and content blocking is enabled. 8
Request to access cookie or storage on “https://js-agent.newrelic.com/async-api.30bd804e-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
Request to access cookie or storage on “https://js-agent.newrelic.com/860.03a8b7a5-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
Request to access cookie or storage on “https://js-agent.newrelic.com/session-manager.2a64278a-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
Request to access cookie or storage on “https://js-agent.newrelic.com/lazy-feature-loader.2f55ce66-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
Request to access cookie or storage on “https://js-agent.newrelic.com/148.1a20d5fe-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
Request to access cookie or storage on “https://js-agent.newrelic.com/page_view_event-aggregate.06482edd-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
Request to access cookie or storage on “https://js-agent.newrelic.com/page_view_timing-aggregate.bd6de33a-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
Request to access cookie or storage on “https://js-agent.newrelic.com/metrics-aggregate.3dc53903-1.236.0.min.js” was blocked because it came from a tracker and content blocking is enabled.
```



### Generated headers

Set-Cookie:
`_myapp_session=BAh7C0kiD3Nlc3Npb25faWQGOgZFVEkiJTMxYzY3ODY3ODlmZjI1MTE5YzJjYTBjMTk4NWE5MDZhBjsAVEkiC2xvY2FsZQY7AEY6B3BsSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBUWwdbBmkCgQVJIiIkMmEkMTAkZFRqWHZVRGYwYS9GSVgyUUhveERKTwY7AFRJIhRzaG93X25ld3NfbW9kYWwGOwBGRkkiEF9jc3JmX3Rva2VuBjsARkkiMWIxOHdvUHJmQ0ljVkV1RmpXVXlscm0waTc4MXo0U2NwMDlqV045RHArdXM9BjsARkkiCmZsYXNoBjsAVG86JUFjdGlvbkRpc3BhdGNoOjpGbGFzaDo6Rmxhc2hIYXNoCToKQHVzZWRvOghTZXQGOgpAaGFzaH0ARjoMQGNsb3NlZEY6DUBmbGFzaGVzewY6CmFsZXJ0SSIdSmVzdGXFmyBqdcW8IHphbG9nb3dhbnkuBjsAVDoJQG5vdzA%3D--b34405b4ed7a5af671742c0c895bb91f9bc03f29;  path=/; expires=Fri, 28-Jul-2023 21:15:13 GMT; secure; HttpOnly;  SameSite=Lax`


Cookie:

`_ga=GA1.2.173371247.1691232864;  _gid=GA1.2.1916219553.1612332864;  _myapp_session=BAh7CkkiD3Nlc3Npb25aaZQGOgZFVEkiJTMxYzY3ODY3ODlmZjI1MTE5YzJjYTBjMTk4NWE5MDZhBjsAVEkiC2xvY2FsZQY7AEY6B3BsSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBIWwdbBmkCgQVJIiIkMmEkMTAkZFRqWHZVRGYwYS9GSVgyUUhveERKTwY7AFRJIhRzaG93X25ld3NfbW9kYWwGOwBGRkkiEF9jc3JmX3Rva2VuBjsARkkiMWIxOHdvUHJmQ0ljVkV1RmpXVXlscm0waTc4MXo0U2GaMDlqV045RHArdXM9BjsARg%3D%3D--61e9e2278d76f644442df9174a27f8667ccf016e;  _ga_VKH9NH625Z=GS1.2.1663769319.2.1.1697520980.0.0.0`
ruby-on-rails security cookies header http-headers
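Added example (not part of the question and not the secure_headers gem's own code): a small re-implementation of how a per-cookie `secure`/`httponly`/`samesite` config shaped like the one above is applied to a `Set-Cookie` header value, plus a check for the `SameSite=None` without `Secure` combination that browsers reject. It assumes the gem's `only`/`except` rule semantics; note that such a rewrite only ever sees headers the Rails app itself emits, which is why the `_ga*` cookies written in the browser by analytics.js (the source the Firefox warning points at) never pass through it.

```ruby
# Added example, not the secure_headers gem's code: applies a per-cookie config
# shaped like the one in the question to a Set-Cookie header value.
COOKIE_CONFIG = {
  secure: true,
  httponly: true,
  samesite: {
    lax:  { only: ['_myapp_session'] },
    none: { only: ['_ga', '_gid', '_gat', '_ga_XXXXXXXXX'] }
  }
}.freeze

# A rule is `true` (all cookies), { only: [names] } or { except: [names] }
# (assumed to mirror the gem's own semantics).
def applies?(rule, name)
  return rule == true unless rule.is_a?(Hash)
  return rule[:only].include?(name) if rule[:only]
  return !rule[:except].include?(name) if rule[:except]
  false
end

# Return the header with the configured attributes appended; attributes the
# app already set are left alone rather than duplicated.
def apply_cookie_config(set_cookie, config = COOKIE_CONFIG)
  name  = set_cookie.split('=', 2).first.strip
  parts = set_cookie.split(';').map(&:strip).reject(&:empty?)
  attrs = parts.drop(1).map(&:downcase)
  parts << 'Secure'   if applies?(config[:secure], name)   && !attrs.include?('secure')
  parts << 'HttpOnly' if applies?(config[:httponly], name) && !attrs.include?('httponly')
  unless attrs.any? { |a| a.start_with?('samesite=') }
    mode = config[:samesite].find { |_, rule| applies?(rule, name) }&.first
    parts << "SameSite=#{mode.to_s.capitalize}" if mode
  end
  parts.join('; ')
end

# Browsers reject SameSite=None cookies that are not also marked Secure.
def samesite_none_without_secure?(set_cookie)
  attrs = set_cookie.split(';').map { |p| p.strip.downcase }
  attrs.include?('samesite=none') && !attrs.include?('secure')
end

# Constructed, shortened versions of the two cookies shown in the question.
SESSION = '_myapp_session=BAh7C0kiD3Nlc3Npb24--b344; path=/; HttpOnly'
GA      = '_ga=GA1.2.173371247.1691232864; path=/'

puts apply_cookie_config(SESSION) # ...; path=/; HttpOnly; Secure; SameSite=Lax
puts apply_cookie_config(GA)      # ...; path=/; Secure; HttpOnly; SameSite=None
```

Running it shows that `_ga` would get `SameSite=None; Secure` only if the server had emitted it, so the warning in the question cannot be fixed from this config alone.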